Encryption

If you want to encrypt your backups you have 2 options:
* use simple password encryption
* use GPG public key encryption

IMPORTANT: some gpg installations automatically set 'use-agent' option in the default
configuration file that is created when you run gpg for the first time. This will cause
gpg to fail on the 2nd run if you don't have the agent running. The result is that
'astrails-safe' will work ONCE when you manually test it and then fail on any subsequent run.
The solution is to remove the 'use-agent' from the config file (usually /root/.gnupg/gpg.conf)
To mitigate this problem for the gpg 1.x series '--no-use-agent' option is added by defaults
to the autogenerated config file, but for gpg2 is doesn't work. as the manpage says it:
"This is dummy option. gpg2 always requires the agent." :(

For simple password, just add password entry in gpg section.
For public key encryption you will need to create a public/secret keypair.

We recommend to create your GPG keys only on your local machine and then
transfer your public key to the server that will do the backups.

This way the server will only know how to encrypt the backups but only you
will be able to decrypt them using the secret key you have locally. Of course
you MUST backup your backup encryption key :)
We recommend also pringing the hard paper copy of your GPG key 'just in case'.

The procedure to create and transfer the key is as follows:

run gpg --gen-key on your local machine and follow onscreen instructions to create the key
(you can accept all the defaults).

since we don't keep the secret part of the key on the remote server, gpg has
no way to know its yours and can be trusted.
To fix that we can sign it with other trusted key, or just directly modify its
trust level in gpg (use level 5):